Lucene search
K

5112 matches found

OSV
OSV
added 2022/05/13 1:48 a.m.14 views

GHSA-6CVM-V6QJ-HJQ9 CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier in GitHubTokenCredentialsCreator.java that allows attackers to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in...

8.8CVSS8.5AI score0.90894EPSS
Exploits0References4
OSV
OSV
added 2022/05/13 1:25 a.m.11 views

GHSA-5R8Q-9FWV-2GPR Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

7.1CVSS6.8AI score0.01133EPSS
Exploits0References6
OSV
OSV
added 2022/05/13 1:18 a.m.21 views

GHSA-W3F7-2QFW-348X Jenkins HipChat Plugin allows credential capture due to incorrect authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another...

8.8CVSS8.6AI score0.01064EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:18 a.m.18 views

Jenkins HipChat Plugin allows credential capture due to incorrect authorization

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another...

8.8CVSS4.6AI score0.01064EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2022/05/13 12:0 a.m.15 views

Adobe Character Animator越界写入漏洞

Adobe Character Animator, a motion capture and animation tool from Adobe, is vulnerable to an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...

9.3CVSS3.4AI score0.02679EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2022/05/12 10:45 a.m.53 views

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

A newly discovered and complex remote access trojan RAT is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...

7.4AI score
Exploits0References6
Huntr
Huntr
added 2022/05/11 7:56 p.m.18 views

Uncontrolled Resource Consumption in "Category Editor"

Description The Organizr application allows large characters to insert in the input field "Category Editor" which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request. Proof of Concept 1.Login to the application 2.Go to "Tab Editor" - "Categories" . 3.Click on the +...

2.1AI score
Exploits0References1
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.263 views

ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure

Exploit Title: ManageEngine ADSelfService Plus Build 6118 - NTLMv2 Hash Exposure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/self-service-password/download.html Details:...

8.8CVSS9.1AI score0.07724EPSS
Exploits4
Cvelist
Cvelist
added 2022/05/10 9:46 a.m.22 views

CVE-2022-24042

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...

9.1AI score0.00899EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.26 views

多款Siemens产品代码问题漏洞

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

9.1CVSS8.2AI score0.00899EPSS
Exploits0References5
CNVD
CNVD
added 2022/05/09 12:0 a.m.39 views

HUAWEI HarmonyOS Information Disclosure Vulnerability (CNVD-2022-50634)

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS security component, which stems from a serial number capture vulnerability in th...

7.5CVSS7.5AI score0.0062EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.4 views

HUAWEI HarmonyOS 安全漏洞

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS security component, which stems from a serial number capture vulnerability in th...

7.5CVSS7.4AI score0.0062EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.47 views

Mitsubishi Electric FA Products Authentication Bypass By Capture-Replay (CVE-2022-25159)

Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5UC CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack. This plugin only works with...

8.1CVSS7AI score0.02068EPSS
Exploits0References4
Kitploit
Kitploit
added 2022/04/27 12:30 p.m.67 views

O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a...

7.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/04/25 12:0 a.m.29 views

EulerOS 2.0 SP5 : wireshark (EulerOS-SA-2022-1554)

According to the versions of the wireshark packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture...

7.5CVSS7.3AI score0.03879EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2022/04/20 12:0 a.m.253 views

Pharmacy Management System 1.0 SQL Injection

Exploit Title: Pharmacy management system - 'email' SQL injection Date: 19/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version: 1.0...

0.4AI score
Exploits0
OSV
OSV
added 2022/04/19 2:5 p.m.4 views

CLSA-2022-1650377152 Fix CVE(s): CVE-2020-11724

SECURITY UPDATE: HTTP request smuggling in Lua module - debian/modules/nginx-lua: Fix parsing HTTP headers in the ngx.location.capture API porting an upstream patch 9ab38e8ee35fc08a57636b1b6190dca70b0076fa from https://github.com/openresty/lua-nginx-module - CVE-2020-11724...

7.5CVSS7.1AI score0.02599EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.3 views

The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers lies in the ability to bypass the authentication process, allowing unauthorized access to enhance one’s privileges.

The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers lies in the ability to bypass the authentication process by using capture-replay techniques to manipulate the captured parameters. Exploiting this...

5.9CVSS6.8AI score0.02068EPSS
Exploits0References4
Prion
Prion
added 2022/04/12 6:15 p.m.16 views

Input validation

Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials...

6.8CVSS8AI score0.00659EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/04/12 9:15 a.m.2 views

CVE-2022-28329

A vulnerability has been identified in SCALANCE W1788-1 M12 All versions V3.0.0, SCALANCE W1788-2 EEC M12 All versions V3.0.0, SCALANCE W1788-2 M12 All versions V3.0.0, SCALANCE W1788-2IA M12 All versions V3.0.0. Affected devices do not properly handle malformed TCP packets received over the...

6.5CVSS5.7AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder